How to? - use/configure winbind/ntlm_auth for Windows authentication

Pete Flynt peteflynt at hotmail.com
Thu Jun 9 09:14:43 CEST 2005


Thanks for your solution.
I think this will be helpful for some people.
I'll try this on next opportunity.
But does it provide Single-Sign-On possibility with windows credentials like 
PEAP MSCHAPv2?

I've finally managed to get the ntlm_auth working.

When one knows how to do it, it is very easy:
On my fedora core 3 (with samba) I ran the authconfig tool, checked the "use 
winbind/use winbind for authentication" options, entered the domain info, 
joined the windows domain via net rpc and ntlm_auth worked at once! I did 
not have to touch samba config files.

Regards,
Pete

>Subject: How to? - use/configure winbind/ntlm_auth for Windows 
>authentication
>Date: Wed, 8 Jun 2005 15:00:10 -0400
>
>I use LDAP.   For each OU I want to authenticate I create an entry in
>radiusd.conf
>
>
>
>ldap  MyFirstOU {
>
>                 server = "your.server.dns.name"
>
>                 identity = "CN=LDAP VIEW,CN=Users,DC=acs,DC=ocad,DC=ca"
>
>                 password = ldapAccountPassword
>
>                 basedn = "ou=yourOU,dc=acs,dc=ocad,dc=ca"
>
>                 filter =
>"(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
>
>                 start_tls = no
>
>                 tls_mode = no
>
>                 groupname_attribute = cn
>
>                 groupmembership_filter =
>"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=Gr
>oupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))"
>
>                 ldap_connections_number = 5
>
>                 timeout = 4
>
>                 timelimit = 3
>
>                 access_attr_used_for_allow = yes
>
>         }
>
>
>
>authorize {
>
>             MyFirstOU
>
>             }
>
>
>
>Auth-Type LDAP {
>
>             MyFirstOU
>
>}
>
>
>
>You need a user on the AD box called "LDAP VIEW" with a password of
>"ldapAccountPassword".
>
>
>
>Works great for me.
>

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar - get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/




More information about the Freeradius-Users mailing list